1 libpve-access-control (7.4-3) bullseye; urgency=medium
3 * use new 2nd factor verification from pve-rs
5 -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 13:31:28 +0200
7 libpve-access-control (7.4-2) bullseye; urgency=medium
9 * fix #4609: fix regression where a valid DN in the ldap/ad realm config
10 wasn't accepted anymore
12 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Mar 2023 15:44:21 +0100
14 libpve-access-control (7.4-1) bullseye; urgency=medium
16 * realm sync: refactor scope/remove-vanished into a standard option
18 * ldap: Allow quoted values for DN attribute values
20 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Mar 2023 17:16:11 +0100
22 libpve-access-control (7.3-2) bullseye; urgency=medium
24 * fix #4518: dramatically improve ACL computation performance
26 * userid format: clarify that this is the full name@realm in description
28 -- Proxmox Support Team <support@proxmox.com> Mon, 06 Mar 2023 11:40:11 +0100
30 libpve-access-control (7.3-1) bullseye; urgency=medium
32 * realm: sync: allow explicit 'none' for 'remove-vanished' option
34 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Dec 2022 13:11:04 +0100
36 libpve-access-control (7.2-5) bullseye; urgency=medium
38 * api: realm sync: avoid separate log line for "remove-vanished" opt
40 * auth ldap/ad: compare group member dn case-insensitively
42 * two factor auth: only lock tfa config for recovery keys
44 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
45 migrations and storage migrations
47 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
49 libpve-access-control (7.2-4) bullseye; urgency=medium
51 * fix #4074: increase API OpenID code size limit to 2048
53 * auth key: protect against rare chance of a double rotation in clusters,
54 leaving the potential that some set of nodes have the earlier key cached,
55 that then got rotated out due to the race, resulting in a possible other
56 set of nodes having the newer key cached. This is a split view of the auth
57 key and may resulting in spurious failures if API requests are made to a
58 different node than the ticket was generated on.
59 In addition to that, the "keep validity of old tickets if signed in the
60 last two hours before rotation" logic was disabled too in such a case,
61 making such tickets invalid too early.
62 Note that both are cases where Proxmox VE was too strict, so while this
63 had no security implications it can be a nuisance, especially for
64 environments that use the API through an automated or scripted way
66 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
68 libpve-access-control (7.2-3) bullseye; urgency=medium
70 * api: token: use userid-group as API perm check to avoid being overly
71 strict through a misguided use of user id for non-root users.
73 * perm check: forbid undefined/empty ACL path for future proofing of against
76 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
78 libpve-access-control (7.2-2) bullseye; urgency=medium
80 * permissions: merge propagation flag for multiple roles on a path that
81 share privilege in a deterministic way, to avoid that it gets lost
82 depending on perl's random sort, which would result in returing less
83 privileges than an auth-id actually had.
85 * permissions: avoid that token and user privilege intersection is to strict
86 for user permissions that have propagation disabled.
88 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
90 libpve-access-control (7.2-1) bullseye; urgency=medium
92 * user check: fix expiration/enable order
94 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
96 libpve-access-control (7.1-8) bullseye; urgency=medium
98 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
101 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
103 libpve-access-control (7.1-7) bullseye; urgency=medium
105 * userid-group check: distinguish create and update
107 * api: get user: declare token schema
109 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
111 libpve-access-control (7.1-6) bullseye; urgency=medium
113 * fix #3768: warn on bad u2f or webauthn settings
115 * tfa: when modifying others, verify the current user's password
117 * tfa list: account for admin permissions
119 * fix realm sync permissions
121 * fix token permission display bug
123 * include SDN permissions in permission tree
125 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
127 libpve-access-control (7.1-5) bullseye; urgency=medium
129 * openid: fix username-claim fallback
131 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
133 libpve-access-control (7.1-4) bullseye; urgency=medium
135 * set current origin in the webauthn config if no fixed origin was
136 configured, to support webauthn via subdomains
138 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
140 libpve-access-control (7.1-3) bullseye; urgency=medium
142 * openid: allow arbitrary username-claims
144 * openid: support configuring the prompt, scopes and ACR values
146 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
148 libpve-access-control (7.1-2) bullseye; urgency=medium
150 * catch incompatible tfa entries with a nice error
152 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
154 libpve-access-control (7.1-1) bullseye; urgency=medium
156 * tfa: map HTTP 404 error in get_tfa_entry correctly
158 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
160 libpve-access-control (7.0-7) bullseye; urgency=medium
162 * fix #3513: pass configured proxy to OpenID
164 * use rust based parser for TFA config
166 * use PBS-like auth api call flow,
168 * merge old user.cfg keys to tfa config when adding entries
170 * implement version checks for new tfa config writer to ensure all
171 cluster nodes are ready to avoid login issues
173 * tickets: add tunnel ticket
175 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
177 libpve-access-control (7.0-6) bullseye; urgency=medium
179 * fix regression in user deletion when realm does not enforce TFA
181 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
183 libpve-access-control (7.0-5) bullseye; urgency=medium
185 * acl: check path: add /sdn/vnets/* path
187 * fix #2302: allow deletion of users when realm enforces TFA
189 * api: delete user: disable user first to avoid surprise on error during the
190 various cleanup action required for user deletion (e.g., TFA, ACL, group)
192 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
194 libpve-access-control (7.0-4) bullseye; urgency=medium
196 * realm: add OpenID configuration
198 * api: implement OpenID related endpoints
200 * implement opt-in OpenID autocreate user feature
202 * api: user: add 'realm-type' to user list response
204 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
206 libpve-access-control (7.0-3) bullseye; urgency=medium
208 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
209 `/sdn/zones/<zone>` to allowed ACL paths
211 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
213 libpve-access-control (7.0-2) bullseye; urgency=medium
215 * fix #3402: add Pool.Audit privilege - custom roles containing
216 Pool.Allocate must be updated to include the new privilege.
218 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
220 libpve-access-control (7.0-1) bullseye; urgency=medium
222 * re-build for Debian 11 Bullseye based releases
224 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
226 libpve-access-control (6.4-1) pve; urgency=medium
228 * fix #1670: change PAM service name to project specific name
230 * fix #1500: permission path syntax check for access control
232 * pveum: add resource pool CLI commands
234 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
236 libpve-access-control (6.1-3) pve; urgency=medium
238 * partially fix #2825: authkey: rotate if it was generated in the
241 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
244 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
246 libpve-access-control (6.1-2) pve; urgency=medium
248 * also check SDN permission path when computing coarse permissions heuristic
251 * add SDN Permissions.Modify
253 * add VM.Config.Cloudinit
255 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
257 libpve-access-control (6.1-1) pve; urgency=medium
259 * pveum: add tfa delete subcommand for deleting user-TFA
261 * LDAP: don't complain about missing credentials on realm removal
263 * LDAP: skip anonymous bind when client certificate and key is configured
265 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
267 libpve-access-control (6.0-7) pve; urgency=medium
269 * fix #2575: die when trying to edit built-in roles
271 * add realm sub commands to pveum CLI tool
273 * api: domains: add user group sync API endpoint
275 * allow one to sync and import users and groups from LDAP/AD based realms
277 * realm: add default-sync-options to config for more convenient sync configuration
279 * api: token create: return also full token id for convenience
281 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
283 libpve-access-control (6.0-6) pve; urgency=medium
285 * API: add group members to group index
287 * implement API token support and management
289 * pveum: add 'pveum user token add/update/remove/list'
291 * pveum: add permissions sub-commands
293 * API: add 'permissions' API endpoint
295 * user.cfg: skip inexisting roles when parsing ACLs
297 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
299 libpve-access-control (6.0-5) pve; urgency=medium
301 * pveum: add list command for users, groups, ACLs and roles
303 * add initial permissions for experimental SDN integration
305 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
307 libpve-access-control (6.0-4) pve; urgency=medium
309 * ticket: use clinfo to get cluster name
311 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
314 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
316 libpve-access-control (6.0-3) pve; urgency=medium
318 * fix #2433: increase possible TFA secret length
320 * parse user configuration: correctly parse group names in ACLs, for users
321 which begin their name with an @
323 * sort user.cfg entries alphabetically
325 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
327 libpve-access-control (6.0-2) pve; urgency=medium
329 * improve CSRF verification compatibility with newer PVE
331 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
333 libpve-access-control (6.0-1) pve; urgency=medium
335 * ticket: properly verify exactly 5 minute old tickets
337 * use hmac_sha256 instead of sha1 for CSRF token generation
339 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
341 libpve-access-control (6.0-0+1) pve; urgency=medium
343 * bump for Debian buster
345 * fix #2079: add periodic auth key rotation
347 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
349 libpve-access-control (5.1-10) unstable; urgency=medium
351 * add /access/user/{id}/tfa api call to get tfa types
353 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
355 libpve-access-control (5.1-9) unstable; urgency=medium
357 * store the tfa type in user.cfg allowing to get it without proxying the call
358 to a higher privileged daemon.
360 * tfa: realm required TFA should lock out users without TFA configured, as it
361 was done before Proxmox VE 5.4
363 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
365 libpve-access-control (5.1-8) unstable; urgency=medium
367 * U2F: ensure we save correct public key on registration
369 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
371 libpve-access-control (5.1-7) unstable; urgency=medium
373 * verify_ticket: allow general non-challenge tfa to be run as two step
376 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
378 libpve-access-control (5.1-6) unstable; urgency=medium
380 * more general 2FA configuration via priv/tfa.cfg
382 * add u2f api endpoints
384 * delete TFA entries when deleting a user
386 * allow users to change their TOTP settings
388 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
390 libpve-access-control (5.1-5) unstable; urgency=medium
392 * fix vnc ticket verification without authkey lifetime
394 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
396 libpve-access-control (5.1-4) unstable; urgency=medium
398 * fix #1891: Add zsh command completion for pveum
400 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
401 to avoid issues on upgrade, will be enabled with 6.0
403 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
405 libpve-access-control (5.1-3) unstable; urgency=medium
407 * api/ticket: move getting cluster name into an eval
409 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
411 libpve-access-control (5.1-2) unstable; urgency=medium
413 * fix #1998: correct return properties for read_role
415 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
417 libpve-access-control (5.1-1) unstable; urgency=medium
419 * pveum: introduce sub-commands
421 * register userid with completion
423 * fix #233: return cluster name on successful login
425 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
427 libpve-access-control (5.0-8) unstable; urgency=medium
429 * fix #1612: ldap: make 2nd server work with bind domains again
431 * fix an error message where passing a bad pool id to an API function would
432 make it complain about a wrong group name instead
434 * fix the API-returned permission list so that the GUI knows to show the
435 'Permissions' tab for a storage to an administrator apart from root@pam
437 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
439 libpve-access-control (5.0-7) unstable; urgency=medium
441 * VM.Snapshot.Rollback privilege added
443 * api: check for special roles before locking the usercfg
445 * fix #1501: pveum: die when deleting special role
447 * API/ticket: rework coarse grained permission computation
449 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
451 libpve-access-control (5.0-6) unstable; urgency=medium
453 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
454 'verify' option. For compatibility reasons this defaults to off for now,
455 but that might change with future updates.
457 * AD, LDAP: Add ability to specify a CA path or file, and a client
458 certificate via the 'capath', 'cert' and 'certkey' options.
460 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
462 libpve-access-control (5.0-5) unstable; urgency=medium
464 * change from dpkg-deb to dpkg-buildpackage
466 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
468 libpve-access-control (5.0-4) unstable; urgency=medium
470 * PVE/CLI/pveum.pm: call setup_default_cli_env()
472 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
474 * check_api2_permissions: avoid warning about uninitialized value
476 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
478 libpve-access-control (5.0-3) unstable; urgency=medium
480 * use new PVE::OTP class from pve-common
482 * use new PVE::Tools::encrypt_pw from pve-common
484 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
486 libpve-access-control (5.0-2) unstable; urgency=medium
488 * encrypt_pw: avoid '+' for crypt salt
490 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
492 libpve-access-control (5.0-1) unstable; urgency=medium
494 * rebuild for PVE 5.0
496 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
498 libpve-access-control (4.0-23) unstable; urgency=medium
500 * use new PVE::Ticket class
502 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
504 libpve-access-control (4.0-22) unstable; urgency=medium
506 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
507 (moved to PVE::Storage)
509 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
511 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
513 libpve-access-control (4.0-21) unstable; urgency=medium
515 * setup_default_cli_env: expect $class as first parameter
517 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
519 libpve-access-control (4.0-20) unstable; urgency=medium
521 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
523 * PVE/API2/Domains.pm: fix property description
525 * use new repoman for upload target
527 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
529 libpve-access-control (4.0-19) unstable; urgency=medium
531 * Close #833: ldap: non-anonymous bind support
533 * don't import 'RFC' from MIME::Base32
535 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
537 libpve-access-control (4.0-18) unstable; urgency=medium
539 * fix #1062: recognize base32 otp keys again
541 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
543 libpve-access-control (4.0-17) unstable; urgency=medium
545 * drop oathtool and libdigest-hmac-perl dependencies
547 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
549 libpve-access-control (4.0-16) unstable; urgency=medium
551 * use pve-doc-generator to generate man pages
553 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
555 libpve-access-control (4.0-15) unstable; urgency=medium
557 * Fix uninitialized warning when shadow.cfg does not exist
559 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
561 libpve-access-control (4.0-14) unstable; urgency=medium
563 * Add is_worker to RPCEnvironment
565 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
567 libpve-access-control (4.0-13) unstable; urgency=medium
569 * fix #916: allow HTTPS to access custom yubico url
571 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
573 libpve-access-control (4.0-12) unstable; urgency=medium
575 * Catch certificate errors instead of segfaulting
577 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
579 libpve-access-control (4.0-11) unstable; urgency=medium
581 * Fix #861: use safer sprintf formatting
583 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
585 libpve-access-control (4.0-10) unstable; urgency=medium
587 * Auth::LDAP, Auth::AD: ipv6 support
589 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
591 libpve-access-control (4.0-9) unstable; urgency=medium
593 * pveum: implement bash completion
595 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
597 libpve-access-control (4.0-8) unstable; urgency=medium
599 * remove_storage_access: cleanup of access permissions for removed storage
601 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
603 libpve-access-control (4.0-7) unstable; urgency=medium
605 * new helper to remove access permissions for removed VMs
607 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
609 libpve-access-control (4.0-6) unstable; urgency=medium
611 * improve parse_user_config, parse_shadow_config
613 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
615 libpve-access-control (4.0-5) unstable; urgency=medium
617 * pveum: check for $cmd being defined
619 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
621 libpve-access-control (4.0-4) unstable; urgency=medium
623 * use activate-noawait triggers
625 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
627 libpve-access-control (4.0-3) unstable; urgency=medium
633 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
635 libpve-access-control (4.0-2) unstable; urgency=medium
637 * trigger pve-api-updates event
639 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
641 libpve-access-control (4.0-1) unstable; urgency=medium
643 * bump version for Debian Jessie
645 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
647 libpve-access-control (3.0-16) unstable; urgency=low
649 * root@pam can now be disabled in GUI.
651 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
653 libpve-access-control (3.0-15) unstable; urgency=low
655 * oath: add 'step' and 'digits' option
657 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
659 libpve-access-control (3.0-14) unstable; urgency=low
661 * add oath two factor auth
663 * add oathkeygen binary to generate keys for oath
665 * add yubico two factor auth
669 * depend on libmime-base32-perl
671 * allow to write builtin auth domains config (comment/tfa/default)
673 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
675 libpve-access-control (3.0-13) unstable; urgency=low
677 * use correct connection string for AD auth
679 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
681 libpve-access-control (3.0-12) unstable; urgency=low
683 * add dummy API for GET /access/ticket (useful to generate login pages)
685 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
687 libpve-access-control (3.0-11) unstable; urgency=low
689 * Sets common hot keys for spice client
691 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
693 libpve-access-control (3.0-10) unstable; urgency=low
695 * implement helper to generate SPICE remote-viewer configuration
697 * depend on libnet-ssleay-perl
699 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
701 libpve-access-control (3.0-9) unstable; urgency=low
703 * prevent user enumeration attacks
705 * allow dots in access paths
707 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
709 libpve-access-control (3.0-8) unstable; urgency=low
711 * spice: use lowercase hostname in ticktet signature
713 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
715 libpve-access-control (3.0-7) unstable; urgency=low
717 * check_volume_access : use parse_volname instead of path, and remove
720 * use warnings instead of global -w flag.
722 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
724 libpve-access-control (3.0-6) unstable; urgency=low
726 * use shorter spiceproxy tickets
728 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
730 libpve-access-control (3.0-5) unstable; urgency=low
732 * add code to generate tickets for SPICE
734 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
736 libpve-access-control (3.0-4) unstable; urgency=low
738 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
740 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
742 libpve-access-control (3.0-3) unstable; urgency=low
744 * Add new role PVETemplateUser (and VM.Clone privilege)
746 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
748 libpve-access-control (3.0-2) unstable; urgency=low
750 * remove CGI.pm related code (pveproxy does not need that)
752 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
754 libpve-access-control (3.0-1) unstable; urgency=low
756 * bump version for wheezy release
758 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
760 libpve-access-control (1.0-26) unstable; urgency=low
762 * check_volume_access: fix access permissions for backup files
764 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
766 libpve-access-control (1.0-25) unstable; urgency=low
768 * add VM.Snapshot permission
770 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
772 libpve-access-control (1.0-24) unstable; urgency=low
774 * untaint path (allow root to restore arbitrary paths)
776 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
778 libpve-access-control (1.0-23) unstable; urgency=low
780 * correctly compute GUI capabilities (consider pools)
782 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
784 libpve-access-control (1.0-22) unstable; urgency=low
786 * new plugin architecture for Auth modules, minor API change for Auth
787 domains (new 'delete' parameter)
789 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
791 libpve-access-control (1.0-21) unstable; urgency=low
793 * do not allow user names including slash
795 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
797 libpve-access-control (1.0-20) unstable; urgency=low
799 * add ability to fork cli workers in background
801 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
803 libpve-access-control (1.0-19) unstable; urgency=low
805 * return set of privileges on login - can be used to adopt GUI
807 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
809 libpve-access-control (1.0-18) unstable; urgency=low
811 * fix bug #151: correctly parse username inside ticket
813 * fix bug #152: allow user to change his own password
815 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
817 libpve-access-control (1.0-17) unstable; urgency=low
819 * set propagate flag by default
821 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
823 libpve-access-control (1.0-16) unstable; urgency=low
825 * add 'pveum passwd' method
827 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
829 libpve-access-control (1.0-15) unstable; urgency=low
831 * Add VM.Config.CDROM privilege to PVEVMUser rule
833 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
835 libpve-access-control (1.0-14) unstable; urgency=low
837 * fix buf in userid-param permission check
839 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
841 libpve-access-control (1.0-13) unstable; urgency=low
843 * allow more characters in ldap base_dn attribute
845 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
847 libpve-access-control (1.0-12) unstable; urgency=low
849 * allow more characters with realm IDs
851 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
853 libpve-access-control (1.0-11) unstable; urgency=low
855 * fix bug in exec_api2_perm_check
857 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
859 libpve-access-control (1.0-10) unstable; urgency=low
861 * fix ACL group name parser
863 * changed 'pveum aclmod' command line arguments
865 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
867 libpve-access-control (1.0-9) unstable; urgency=low
869 * fix bug in check_volume_access (fixes vzrestore)
871 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
873 libpve-access-control (1.0-8) unstable; urgency=low
875 * fix return value for empty ACL list.
877 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
879 libpve-access-control (1.0-7) unstable; urgency=low
881 * fix bug #85: allow root@pam to generate tickets for other users
883 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
885 libpve-access-control (1.0-6) unstable; urgency=low
887 * API change: allow to filter enabled/disabled users.
889 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
891 libpve-access-control (1.0-5) unstable; urgency=low
893 * add a way to return file changes (diffs): set_result_changes()
895 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
897 libpve-access-control (1.0-4) unstable; urgency=low
899 * new environment type for ha agents
901 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
903 libpve-access-control (1.0-3) unstable; urgency=low
905 * add support for delayed parameter parsing - We need that to disable
906 file upload for normal API request (avoid DOS attacks)
908 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
910 libpve-access-control (1.0-2) unstable; urgency=low
912 * fix bug in fork_worker
914 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
916 libpve-access-control (1.0-1) unstable; urgency=low
918 * allow '-' in permission paths
920 * bump version to 1.0
922 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
924 libpve-access-control (0.1) unstable; urgency=low
926 * first dummy package - no functionality
928 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200